"Android XLoader Malware Gains Auto-Execution Capability"

A new version of the XLoader Android malware, operated by the financially motivated threat actor 'Roaming Mantis,' can now automatically execute on infected devices without user interaction. It spreads through SMS texts containing URLs to deliver malicious APK installation files, and it disguises itself as legitimate software, notably the Chrome web browser. The malware requests risky permissions, such as accessing SMS content and running in the background, and can perform custom phishing attacks, extract sensitive information, and execute various commands received from its command and control server. McAfee advises using security products to detect and remove these threats.